Last year, some hacker managed to steal huge funds from mybitcoin.com. How got blamed? The operator of mybitcoin.com. No one cared about the actual hacker. This year, a hacker stole 45k from Bitcoinica. Everyone blamed the operators. The owners replaced the funds. No one cared about the actual hacker.Now recently more funds where stolen from Bitcoinica. MtGox even knows who the hacker is, but "of course" cannot share this information. So same thing as every time, no one cares about the actual hacker. Everyone blames the operators and tries to lynch them.

Conclusion: In the Bitcoin world it is OK to steal, the blame will always be on the victim. A hacker can even use his real name and real address, and still no one cares. Blame and lawsuits are always on the victims...

Psychologically, they already know they lost their money to the hacker and know they aren't getting it back. They feel better about blaming someone else (the operator) so they don't feel as stupid about it. The more they whine about the operator not doing a good enough job, the better they will feel, and start to forget about their own stupidity. Even though it's the hackers fault for all of this, everyone knows catching them and getting their BTC back is never going to realistically happen.

Tell yourself a lie long enough, and even you will start to believe it.

If you are stupid and leave a briefcase full of cash out in the public square, you SHOULD be blamed when it gets stolen.

It was more like this: a burglar breaks into your hours, and you call the police, they will not investigate but tell you: "you should have had 10 foot concrete walls around your house, but your where only 3 foot, so it your fault. now go to jail".

Psychologically, they already know they lost their money to the hacker and know they aren't getting it back. They feel better about blaming someone else (the operator) so they don't feel as stupid about it. The more they whine about the operator not doing a good enough job, the better they will feel, and start to forget about their own stupidity. Even though it's the hackers fault for all of this, everyone knows catching them and getting their BTC back is never going to realistically happen.

Tell yourself a lie long enough, and even you will start to believe it.

First I thought like you. But this time the hacker is known, according to MtGox. But still they blame and try to sue the operator, and don't care about the actual thief. So I think it is more symptomatic than it is self-deception.

This has happened with Mt. Gox last year (Gox was blamed) as well. The issue is not so much blaming the victim, as blaming the only identificable source of error (try tracking down these hackers...).

This time MtGox even knows who has stolen the funds. Does that change anything? Apparently not!

Where have they said that?

Regular customers have to wait weeks to get their funds out, but the hacker managed do withdraw this in an instant. So of course, MtGox knows them. And so eventually somewhere in this MtGox account thread they stated that they do, but don't share this information publicly.

Conclusion: In the Bitcoin world it is OK to steal, the blame will always be on the victim. A hacker can even use his real name and real address, and still no one cares. Blame and lawsuits are always on the victims...

Well done cpt. Obvious !

Until BTC is legal tender or recognised by the law / state as property nobody can do a damn thing about them getting stolen / hacked.

Last year, some hacker managed to steal huge funds from mybitcoin.com. How got blamed? The operator of mybitcoin.com. No one cared about the actual hacker. This year, a hacker stole 45k from Bitcoinica. Everyone blamed the operators. The owners replaced the funds. No one cared about the actual hacker.Now recently more funds where stolen from Bitcoinica. MtGox even knows who the hacker is, but "of course" cannot share this information. So same thing as every time, no one cares about the actual hacker. Everyone blames the operators and tries to lynch them.

Conclusion: In the Bitcoin world it is OK to steal, the blame will always be on the victim. A hacker can even use his real name and real address, and still no one cares. Blame and lawsuits are always on the victims...

Last year, some hacker managed to steal huge funds from mybitcoin.com. How got blamed? The operator of mybitcoin.com. No one cared about the actual hacker. This year, a hacker stole 45k from Bitcoinica. Everyone blamed the operators. The owners replaced the funds. No one cared about the actual hacker.Now recently more funds where stolen from Bitcoinica. MtGox even knows who the hacker is, but "of course" cannot share this information. So same thing as every time, no one cares about the actual hacker. Everyone blames the operators and tries to lynch them.

Conclusion: In the Bitcoin world it is OK to steal, the blame will always be on the victim. A hacker can even use his real name and real address, and still no one cares. Blame and lawsuits are always on the victims...

Welcome to crypto-anarchy! The future is already here.

A. If you go after the hacker... there will be 10 more in line behind him.

A. Going after the hackers protects a bad service.

B. If you go after the service provider... the next 10 hackers will be unsuccessful.

B. Going after the service provider ensures a better service is provided in the future.

Even if the credit card customer is negligent, it's usually the bank that takes the hit, and then socializes the cost among all customers. Very rarely the it's the scammer.

With bitcoin, at least I don't have to pay for other people's negligence. And yes, if you entrust tens of thousands of dollars to an alpha-web app run by an one-man enterprise then that is also a form of negligence.

Regular customers have to wait weeks to get their funds out, but the hacker managed do withdraw this in an instant. So of course, MtGox knows them. And so eventually somewhere in this MtGox account thread they stated that they do, but don't share this information publicly.

I don't follow your logic. The hacker logged into MtGox as Bitcoinica. MtGox allowed the instant transfer because they know who Bitcoinica is. This doesn't mean they know who the hacker is. I have not seen anywhere that MtGox said that they can identify the hacker.

And so eventually somewhere in this MtGox account thread they stated that they do, but don't share this information publicly.

They said they were filing a report with the police and could not publicly discuss the information they had while the matter was being investigated. They did not say that they knew who the hacker was. They said they knew where the transactions went. That information may allow the hacker to be traced but it doesn't mean that MtGox is aware of their identity.

All I can say is that this is Bitcoin. I don't believe it until I see six confirmations.

It was more like this: a burglar breaks into your hours, and you call the police, they will not investigate but tell you: "you should have had 10 foot concrete walls around your house, but your where only 3 foot, so it your fault. now go to jail".

Perhaps more like this:You use a bank that is not insured to deposit your money. You believe that the bank is taking reasonable security precautions. They store all deposits in a vault that requires a key that is only held by the bank owner. The bank owner then gets careless and makes multiple copies of the key to the vault. The bank announces that it will be closing its doors and sends all its employees home. Then the bank owner leaves the copies of the vault key in public places all over town attached to a note that says "bank vault key" and has the address of the bank. A criminal who knows that there is no security guarding the bank finds one of the copies of the key. He walks in the unlocked front door when nobody is looking. He uses the key, takes the money out of the vault, and leaves. He leaves behind no evidence.

Obviously you are upset that a criminal took your money from the vault before the bank managed to return your deposit to you, but why wouldn't you blame the bank owner for leaving the key all over town and the money unsecured?

And so eventually somewhere in this MtGox account thread they stated that they do, but don't share this information publicly.

They said they were filing a report with the police and could not publicly discuss the information they had while the matter was being investigated. They did not say that they knew who the hacker was. They said they knew where the transactions went. That information may allow the hacker to be traced but it doesn't mean that MtGox is aware of their identity.

Wow, I wasn't aware that you can withdraw 40kBTC and 40kUSD while having an anonymous account at MtGox. The same MtGox that is known for their extensively KYC and AML... Maybe you know something that we dont?

And so eventually somewhere in this MtGox account thread they stated that they do, but don't share this information publicly.

They said they were filing a report with the police and could not publicly discuss the information they had while the matter was being investigated. They did not say that they knew who the hacker was. They said they knew where the transactions went. That information may allow the hacker to be traced but it doesn't mean that MtGox is aware of their identity.

Wow, I wasn't aware that you can withdraw 40kBTC and 40kUSD while having an anonymous account at MtGox. The same MtGox that is known for their extensively KYC and AML... Maybe you know something that we dont?

Read DannyHamilton's comment 3 or 4 posts above yours. Obviously Bitcoinica's account was AML verified/trusted, so withdrawals of huge amounts would be possible. How it happened instantly, I don't know.

Wow, I wasn't aware that you can withdraw 40kBTC and 40kUSD while having an anonymous account at MtGox. The same MtGox that is known for their extensively KYC and AML... Maybe you know something that we dont?

It wasn't an anonymous account which withdrew the money. It was the Bitcoinica account which had trusted status - at one point the limits for trusted status were $100,000 and BTC 40,000 daily. They've been revised since then and yet again after the hack. you need to remember that as far as MtGox's computer was concerned it was Bitoinica making the withdrawals and Bitcoinica had a history of moving large amounts on and off MtGox. It's possible that there even more funds in the Bitcoinica account but the hacker was unable to access them because of the daily limits.

All I can say is that this is Bitcoin. I don't believe it until I see six confirmations.

Wow, I wasn't aware that you can withdraw 40kBTC and 40kUSD while having an anonymous account at MtGox. The same MtGox that is known for their extensively KYC and AML... Maybe you know something that we dont?

It wasn't an anonymous account which withdrew the money. It was the Bitcoinica account which had trusted status - at one point the limits for trusted status were $100,000 and BTC 40,000 daily. They've been revised since then and yet again after the hack. you need to remember that as far as MtGox's computer was concerned it was Bitoinica making the withdrawals and Bitcoinica had a history of moving large amounts on and off MtGox. It's possible that there even more funds in the Bitcoinica account but the hacker was unable to access them because of the daily limits.

Where does not equal whom. We have no idea what method of withdrawal was used for the USD, but it';s unlikely that the hacker tried to get it payed into their bank account.

While unlikely, we don't know it. Keep in mind, that all those more or less anonymous withdraws take weeks, so either MtGox helped to speed this up, in which case they very much know with whom they dealt, or yes it was redrawn to some bank account.

Where does not equal whom. We have no idea what method of withdrawal was used for the USD, but it';s unlikely that the hacker tried to get it payed into their bank account.

While unlikely, we don't know it. Keep in mind, that all those more or less anonymous withdraws take weeks, so either MtGox helped to speed this up, in which case they very much know with whom they dealt, or yes it was redrawn to some bank account.

Or it was transferred to a handful of throw away account w/ fake info and used to buy BTC and removed from the site.Or it was transferred to Accrum Exchange and used to buy Liberty Reserve.

Lots of methods to get USD off MtGox nearly instantly. Not all of them are low cost but I doubt any thief was worried about that.

The idea that the thief did a wire transfer to their personal bank account is just stupid.

Or it was transferred to Accrum Exchange and used to buy Liberty Reserve.

I think Aurum Exchange is not that anonymously. If this was the case, they could probably identify the hacker, once given some information. But because all information that could lead to the hacker is classified by MtGox we will never know.

The idea that the thief did a wire transfer to their personal bank account is just stupid.

I agree, but even then, have you ever seen single police investigation in Bitcoin land? There have been a number of heists and not a single one. So why now? Why do you believe, that it will be different this time?

BTW, it is still be possible that one of the involved parties (Consultancy,Zhou,Tihan,...) was withdrawing.The community could recognize some account number or anything. I doubt that some complete Bitcoin-virgin that did steal this.I give you an example: someone recognized Zhou exchanging some 40k$ LR to RMB for some bad rate in a hurry a day after the theft. Zhou said it was unrelated, but this shows that a community can recognize way more than some astonished local Japanese police officer.

Last year, some hacker managed to steal huge funds from mybitcoin.com. How got blamed? The operator of mybitcoin.com. No one cared about the actual hacker. This year, a hacker stole 45k from Bitcoinica. Everyone blamed the operators. The owners replaced the funds. No one cared about the actual hacker.Now recently more funds where stolen from Bitcoinica. MtGox even knows who the hacker is, but "of course" cannot share this information. So same thing as every time, no one cares about the actual hacker. Everyone blames the operators and tries to lynch them.

Conclusion: In the Bitcoin world it is OK to steal, the blame will always be on the victim. A hacker can even use his real name and real address, and still no one cares. Blame and lawsuits are always on the victims...

Welcome to crypto-anarchy! The future is already here.

A. If you go after the hacker... there will be 10 more in line behind him.

A. Going after the hackers protects a bad service.

B. If you go after the service provider... the next 10 hackers will be unsuccessful.

B. Going after the service provider ensures a better service is provided in the future.

A. If you go after the thief, he will be ultimately unsuccessful in his plan, and others will think twice if theft is worth the consequences. Going after thieves protects honest people from becoming victims.

B. If you go after service provider (assuming no criminal negligence or insider jobs, in which case A applies), you will punish the victim - and we are talking potentially devastating consequences for their careers, families, and health. Other service providers will boost up security out of fear, and outsource the cost to third parties or to customers. Thieves will have nothing to fear, and will now have to either step up their efforts or find another victim. Either way, more shitty situations which could have been avoided with option A.

I tend to agree with OP.

They'rethere, in their room.Your mining rig is on fire, yet you're very calm.

Last year, some hacker managed to steal huge funds from mybitcoin.com. How got blamed? The operator of mybitcoin.com. No one cared about the actual hacker. This year, a hacker stole 45k from Bitcoinica. Everyone blamed the operators. The owners replaced the funds. No one cared about the actual hacker.Now recently more funds where stolen from Bitcoinica. MtGox even knows who the hacker is, but "of course" cannot share this information. So same thing as every time, no one cares about the actual hacker. Everyone blames the operators and tries to lynch them.

Conclusion: In the Bitcoin world it is OK to steal, the blame will always be on the victim. A hacker can even use his real name and real address, and still no one cares. Blame and lawsuits are always on the victims...

Last year, some hacker managed to steal huge funds from mybitcoin.com. How got blamed? The operator of mybitcoin.com. No one cared about the actual hacker. This year, a hacker stole 45k from Bitcoinica. Everyone blamed the operators. The owners replaced the funds. No one cared about the actual hacker.Now recently more funds where stolen from Bitcoinica. MtGox even knows who the hacker is, but "of course" cannot share this information. So same thing as every time, no one cares about the actual hacker. Everyone blames the operators and tries to lynch them.

Conclusion: In the Bitcoin world it is OK to steal, the blame will always be on the victim. A hacker can even use his real name and real address, and still no one cares. Blame and lawsuits are always on the victims...

Hopefully Bitcoin teaches people personal responsibility. I doubt it, but one can dream.

It's so ridiculously easy to secure your own coins, if yours are stolen, you've made a mistake. This isn't blaming the victim, it's stating a fact.

The world is a harsh place full of people who will do whatever they can to get an advantage. This probably isn't going to change anytime in the near future, so the answer is to protect yourself.

Personally, I feel it's far easier and far cheaper to secure Bitcoins than any other asset I can think of. With some minimal effort you can raise the bar for wallet theft so high that it is practically impossible to have your coins stolen. I'm speaking of encrypted wallet fragments located in different physical locations under lock and key. I'd like to see someone hack that.

TL;DR: The Bitcoin user has the option to make his coins impossible to hack, for all practical purposes. A hacker's dream, I think not. A fool and his money are soon parted.

Sorry I don't buy the bolded parts.The software part I agree can make it "virtually" impossible to steal, but there always is a physical and mental part that is near impossible to secure without high costs and high inconveniences.A good way to make your coins practically impossible to steal is to send them to a random address...

I give you an example: someone recognized Zhou exchanging some 40k$ LR to RMB for some bad rate in a hurry a day after the theft. Zhou said it was unrelated, but this shows that a community can recognize way more than some astonished local Japanese police officer.

Since my name has been mentioned I would just reply in this thread anyway. I'll explain this, for once and for all.

As I explained in the QQ Group where the trades happened, I was cashing out for a Singaporean friend who has $100K in total in several LR accounts. I was able to get much better USD/SGD exchange rates than any bank customers. (I was able to get "interbank" rates: https://bitcointalk.org/index.php?topic=76156.0)

I was not "in a hurry". Even on today I have done a deal with someone. (7 days is not "hurry".)

The rate was not bad. Most e-currency exchanges charge 1.5%-2% plus wire fees (about $50 per transaction including routing fees). USD/CNY exchange rate is highly stable and I can access to discounted exchange rate through my Chinese bank as well. I actually got a better deal.

And it's definitely not $40K (which is the stolen USD amount that Bitcoinica claims). I have also placed a single $40K AurumXchange order during the same period.

I still have an operating business in Singapore (http://www.sgitcoin.com/) and this service is actually quite popular (top Google result for "buy bitcoin in singapore"). Therefore I regularly deal with foreign exchange, money transfers and e-currencies.

Hopefully Bitcoin teaches people personal responsibility. I doubt it, but one can dream.

It's so ridiculously easy to secure your own coins, if yours are stolen, you've made a mistake. This isn't blaming the victim, it's stating a fact.

The world is a harsh place full of people who will do whatever they can to get an advantage. This probably isn't going to change anytime in the near future, so the answer is to protect yourself.

Personally, I feel it's far easier and far cheaper to secure Bitcoins than any other asset I can think of. With some minimal effort you can raise the bar for wallet theft so high that it is practically impossible to have your coins stolen. I'm speaking of encrypted wallet fragments located in different physical locations under lock and key. I'd like to see someone hack that.

TL;DR: The Bitcoin user has the option to make his coins impossible to hack, for all practical purposes. A hacker's dream, I think not. A fool and his money are soon parted.

Worth noting in Bitcoinland, there just isn't much money floating around. The current BTC market cap could not even purchase the world's 15th most expensive yacht. Much (if not most) business is done between people with little to no experience in the sector they're trading in. Security is surprisingly lacking when you assume everyone is a well-read nerd with plenty of time and money, but much more expected thinking most Bitcoin-related businesses are 3 years old or newer, start with the standard start-up budget of near-nothing, do not have profits able to justify hiring serious, experienced security experts, and having business operators with as much experience in their sector as their business has existed.

Hard to imagine this problem not getting better, even without shifting responsibility onto governments instead of those who permitted victimization. Even if Bitcoinica ops do not learn from mistakes, other ops will. MtGox did not need two more tens-of-thousands-worth-of-USD hacks to realize they needed to beef up security in a dramatic fashion, and they did not need the government tracking down a cyber-criminal in Moldova to do so, nor to repay customers.

I think OP was referring to the mindset of certain Bitcoin users, not criticizing btc itself. Apparently many think that it's perfectly ok to steal, and to let thieves operate without any consequences.

They'rethere, in their room.Your mining rig is on fire, yet you're very calm.

I think OP was referring to the mindset of certain Bitcoin users, not criticizing btc itself. Apparently many think that it's perfectly ok to steal, and to let thieves operate without any consequences.

Then the thread should be titled: "A few individuals are a hackers dream".

If there was a poll thread asking if the Bitcoinica thieves should be punished if caught, I'm sure the overwhelming majority would vote yes.

And yet most of time and resources seem to be dedicated to bashing the victims.

They'rethere, in their room.Your mining rig is on fire, yet you're very calm.

A. If you go after the thief, he will be ultimately unsuccessful in his plan, and others will think twice if theft is worth the consequences. Going after thieves protects honest people from becoming victims.

B. If you go after service provider (assuming no criminal negligence or insider jobs, in which case A applies), you will punish the victim - and we are talking potentially devastating consequences for their careers, families, and health. Other service providers will boost up security out of fear, and outsource the cost to third parties or to customers[/u]. Thieves will have nothing to fear, and will now have to either step up their efforts or find another victim. Either way, more shitty situations which could have been avoided with option A.

Good points. I highlighted an important part of your post.

If criminals are never punished, innocents will always pay for it one way or another. Security is not free. If we didn't have to worry much about criminals, we could use these resources in better ways. And I know no better way to create a counter-incentive to crime then to punish those who commit it.

Me too, except that I don't think this problem is exclusive to bitcoin. It's a "cyberspace problem". Hackers are almost never punished, and the costs of their actions fall over everybody else. Actually, as Timo Y quoted below notes, it's a little better in BTC-world than in CC-word as here the costs of a hack are not totally diluted. (I wouldn't be so harsh on all those who put their money on Bitcoinica though...)

Even if the credit card customer is negligent, it's usually the bank that takes the hit, and then socializes the cost among all customers. Very rarely the it's the scammer.

With bitcoin, at least I don't have to pay for other people's negligence. And yes, if you entrust tens of thousands of dollars to an alpha-web app run by an one-man enterprise then that is also a form of negligence.

...The software part I agree can make it "virtually" impossible to steal, but there always is a physical and mental part that is near impossible to secure without high costs and high inconveniences....

Perhaps you could elaborate on the "physical and mental part" and explain what they have to do with Bitcoin and not any other asset.

You understand having a paper wallet in a vault is not convenient for spending it ?You understand this vault has a cost right ?You understand someone know how to open than vault right ? (without force)

You may not know, but there are ways and drugs that will make you do anything even against your will.

...The software part I agree can make it "virtually" impossible to steal, but there always is a physical and mental part that is near impossible to secure without high costs and high inconveniences....

Perhaps you could elaborate on the "physical and mental part" and explain what they have to do with Bitcoin and not any other asset.

You understand having a paper wallet in a vault is not convenient for spending it ?You understand this vault has a cost right ?You understand someone know how to open than vault right ? (without force)

You may be unaware of it, but there are ways and drugs that will make you do anything even against your will.

Who said anything about a paper wallet? Who said anything about a vault? And your examples go far beyond "hacking".

You can have convenience or you can have security. With clients like Armory you can even have both.

For the price of a cheap laptop and a few thumb drives you can have security that is practically impossible to break. When individually inaccessible pieces of your wallet are spread around in different physical locations, it's going to be pretty hard to "hack". If you fear drugs or torture, and would prefer death over having your Bitcoins stolen, give pieces of your wallet to random family members and tell them to keep secure regardless of any kidnapping ransoms.

I stand by my statement, "I feel it's far easier and far cheaper to secure Bitcoins than any other asset I can think of." I can split the wallet to make it worthless without obtaining each piece. With physical assets, even if they are stored in a vault, once that is breached, you've lost your asset.

I think I've already agreed on the secure part of software (armory), but software run on hardware and are used by brains.

Anyway how convenient is it to have to remember where and recover all the piece of paper wallet are stored before spending it.

That make me think, do we want people to sit on their paper wallet forever or actually use Ƀ for commerce ?

The only place where I have coins that are not encrypted on my HDD or USB is with an exchanger that uses the yubikey with 2 factor authentication.. The only downside is is that if I were to lose my key, I would be sol for about 2 weeks...

From the title, I thought this thread was about the other kind of hackers and would have some cool ideas about multisignatures, or verifying receipt of coins without having to have the private key online, or hackerspaces, or other great ideas. Oh well. I'll address this:

I think OP was referring to the mindset of certain Bitcoin users, not criticizing btc itself. Apparently many think that it's perfectly ok to steal, and to let thieves operate without any consequences.

It's not OK to steal, and it's wrong for the thief to do so. It's also wrong to harm innocents or destroy bitcoin entirely in the quest to punish thieves.

Bitcoin provides Internet cash, which does have the weakness of being stealable. While no one wants to encourage theft, it's a difficult problem, because the initial proposed solution to stop thieves just makes things worse. Tainting coins makes it too easy for thieves to cause trouble for innocent recipients of stolen coins and adds very little to stop the thief, so it's been rejected as unacceptable by most. What else can be done? Convincing merchants and service providers to demand their customers prove the origin of all their coins? The blockchain can't offer proof, as it's easy to trade private keys outside the blockchain. Verifying identity? Adds very little protection (thieves also routinely steal identities) while defeating one of the main reasons to use bitcoin, pseudonymity. And any intentional collaboration of major mining pools to reverse selected transactions would strike fear into the heart of every Bitcoin user. Even if improved versions of all of those solutions were adopted by honest merchants, you still have plenty of unscrupulous sellers willing to accept known stolen bitcoins; after all they are "cold", "hard", verifiable bitcoins.

It's easy to pass blame, but everything has tradeoffs. Yes, bitcoin holders can increase wallet security, at a cost. Yes, MtGox can make withdrawals more difficult, which they have been doing, but customers have been complaining. Governments can collaborate internationally to allow stronger investigation and enforcement of computer crime across borders, but this reduces everyone's freedom. As Internet cash, bitcoin enforces the idea of "trust no one, but yourself" and the wallet holder is ultimately responsible for his or her own security. And anyone who trusts someone else with their coins is also indirectly responsible for that security. I knew Bitcoinica had a large hot wallet based on how fast withdrawals were occurring, so I withdrew all my funds. I have no coins or funds in MtGox or GLBSE because they're huge targets. I could be making more money if I took these risks but it's up to me. Security is a trade-off and has a cost. With Bitcoin, everyone has the freedom to decide who to trust and how much to invest in security.

OP, I understand your disappointment at the state of things. It's best not to complain about the state of Bitcoin but instead treat the weakness as opportunity. Go ahead, come up with an amazing new way to stop thefts. And yes, demand more security from those who hold your coins. I expect it will be needed, as stealing bitcoins need not be the only incentive for the thieves; they're also paid in fiat, created out of nothing by those who stand to profit from Bitcoin's demise. Increasing amounts of resources will be spent on attacking bitcoin sites as Bitcoin grows, so at each price jump, spend some bitcoins on as much security as the value of those coins demand, and it will likely pay off.